Please check my log


Please check my log

Post by ChrisS » 03 Jan 2009 17:20

Hello,
I would like to ask for a log check. The PC is used by several users and I think it is not in entirely good shape.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:26, on 3.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\AGRSMMSG.exe
C:\windows\Logi_MwX.Exe
C:\windows\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Jarda\Dokumenty\SOUBORY\Kryštof\Viry\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: //DarkNest
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 89.185.242.193 l2authd.lineage2.com
O1 - Hosts: 89.185.242.193 l2testauthd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [systemidle] stemIdle.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [System32 Spool ] winint.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [systemidle] stemIdle.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [System32 Spool ] winint.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messanger] msnmsng.exe (User 'Default user')
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {0E8C12E2-5329-7ED2-1881-13296992E442} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/cus ... iq0107.cab
O16 - DPF: {17403C87-B807-522F-03B1-5C8718D0ADAD} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {2E5583D0-9080-1F05-9A45-58A279C2660F} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {3DC6F52B-DB47-2503-66B4-41670D26AC9D} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4583D395-934D-455E-3CD2-30C144F294DB} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4BC54967-CD56-4191-9DD7-086CA61F2691} - http://advnt01.com/dialer/czeck1_ver3.CAB
O16 - DPF: {75E305ED-D351-5BCE-EB5D-2B0E59DE0817} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {76C20F22-42B6-5DE3-835D-36CB47C6069F} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {7B066B63-807A-7AE9-7920-0DF1692FAFCE} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-cz/cz/games4.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://66.117.37.13/cza1767.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://66.117.37.13/cza1767.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINDOWS\ieam.exe (file missing)

--
End of file - 9677 bytes
Acer TravelMate 5730G
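The log above is the kind a forum reviewer reads by section code rather than line by line: O1 hosts-file pins of a game's authentication servers, O4 autoruns registered under the SYSTEM and .DEFAULT hives, `.ini` files sitting in the Startup folders, an O15 Trusted Zone entry for `*.iframedollars.biz`, a row of O16 ActiveX downloads from a bare IP that fetch an `.exe`, and an O23 service whose binary is gone. The following Python script is an added example, not code from this thread or from HijackThis; it encodes those entry classes as rules and runs them over a constructed sample made of lines excerpted from the posted log plus a few benign ones (ESET, seznam.cz, a `.cab` download) that must not fire. The rule set and its wording are my assumptions, chosen to match what is visible on this page.

```python
"""Triage a HijackThis v2 log for the entry classes a forum reviewer keys on.

Added example; not code from the thread. Rules mirror the entries visible
in the posted log (O1 hosts redirects, O4 autoruns under SYSTEM/.DEFAULT,
.ini startup items, O15 Trusted Zone additions, O16 DPF downloads from bare
IPs or of .exe files, O23 services with a missing binary).
"""
import re
from collections import Counter

# (section code, regex over the text after "Oxx - ", why it matters)
RULES = [
    ("O1",  re.compile(r"^Hosts:\s+\d{1,3}(?:\.\d{1,3}){3}\s+\S+"),
            "hosts-file entry pins a hostname to a fixed IP"),
    ("O4",  re.compile(r"^HKUS\\(?:S-1-5-18|\.DEFAULT)\\"),
            "autorun registered under the SYSTEM or .DEFAULT hive"),
    ("O4",  re.compile(r"Startup:\s+\S+\.ini$", re.I),
            "startup-folder item that is a .ini file"),
    ("O15", re.compile(r"^Trusted Zone:"),
            "site added to the IE Trusted Zone"),
    ("O16", re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/"),
            "ActiveX object downloaded from a bare IP address"),
    ("O16", re.compile(r"\.exe\s*$", re.I),
            "ActiveX DPF entry fetches an .exe rather than a .cab"),
    ("O23", re.compile(r"\(file missing\)\s*$"),
            "service whose binary no longer exists on disk"),
]

# HJT entry lines look like "O16 - DPF: {CLSID} - http://..."; header and
# process-list lines do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2})\s+-\s+(.*)$")


def parse_entries(log_text):
    """Yield (section, body) for every HJT entry line in the log."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return one finding per (entry, rule) match; an entry may hit several rules."""
    findings = []
    for section, body in parse_entries(log_text):
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(body):
                findings.append({"section": section, "reason": reason, "entry": body})
    return findings


def summarize(findings):
    """Count findings per reason, for a quick read of what kind of mess this is."""
    return Counter(f["reason"] for f in findings)


# Constructed sample: a handful of lines excerpted from the HJT log posted
# above, plus benign entries (ESET, seznam.cz, a .cab DPF) that must not fire.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\windows\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O1 - Hosts: //DarkNest
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [systemidle] stemIdle.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [System32 Spool ] winint.exe (User 'Default user')
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: AutorunsDisabled
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {0E8C12E2-5329-7ED2-1881-13296992E442} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-cz/cz/games4.cab
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\ieam.exe (file missing)
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['section']}] {f['reason']}\n    {f['entry']}")
    print()
    for reason, n in summarize(found).most_common():
        print(f"{n:2d}  {reason}")
```

Run it against a full log pasted into `SAMPLE_LOG` and the summary gives the shape of the infection before you read a single line; the O16 `.exe` rule deliberately fires alongside the bare-IP rule, because each on its own is already reason enough to treat the entry as a drive-by download rather than a legitimate ActiveX control. Rules are heuristics, not verdicts: an O1 pin or a Trusted Zone entry can be deliberate, so the output is a reading list for a human, exactly as the thread treats it.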


Re: Please check my log

Post by jaro3 » 03 Jan 2009 18:09

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by ChrisS » 03 Jan 2009 19:19

Log from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.31
Database version: 1602
Windows 5.1.2600 Service Pack 2

3.1.2009 19:15:43
mbam-log-2009-01-03 (19-15-33).txt

Scan type: Quick Scan
Objects scanned: 58609
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\WINDOWS\hosts (Trojan.Agent) -> No action taken.
C:\WINDOWS\casino(2).ico (Malware.Trace) -> No action taken.
C:\WINDOWS\casino.ico (Malware.Trace) -> No action taken.
Acer TravelMate 5730G


Re: Please check my log

Post by jaro3 » 03 Jan 2009 19:29

So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and exit via Exit

You can then post that log + a new HJT log here.

Then:
Download SDFix
- Run it; it will extract to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (hold the F8 key after the restart) (choose: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix is extracted and run the RunThis.bat file; this starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system boots, the program will start again and finish the cleaning process. When Finish appears, you will have to press any key when prompted; this ends the program and the icons appear on the desktop
- When the desktop icons have finished loading, the SDFix log opens on screen and is also saved in the folder where SDFix is extracted, as the file Report.txt
Then copy its contents here + a new HJT log + check whether any icons are missing under Start, whether the drives show under My Computer....


Re: Please check my log

Post by ChrisS » 03 Jan 2009 20:54

MbAM log:

Malwarebytes' Anti-Malware 1.31
Database version: 1602
Windows 5.1.2600 Service Pack 2

3.1.2009 20:13:51
mbam-log-2009-01-03 (20-13-51).txt

Scan type: Quick Scan
Objects scanned: 58610
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\casino(2).ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\casino.ico (Malware.Trace) -> Quarantined and deleted successfully.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:03, on 3.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\AGRSMMSG.exe
C:\windows\Logi_MwX.Exe
C:\windows\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Documents and Settings\Jarda\Dokumenty\SOUBORY\Kryštof\Viry\HiJackThis\HiJackThis.exe
C:\windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: //DarkNest
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 89.185.242.193 l2authd.lineage2.com
O1 - Hosts: 89.185.242.193 l2testauthd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [systemidle] stemIdle.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [System32 Spool ] winint.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [systemidle] stemIdle.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [System32 Spool ] winint.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messanger] msnmsng.exe (User 'Default user')
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {0E8C12E2-5329-7ED2-1881-13296992E442} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/cus ... iq0107.cab
O16 - DPF: {17403C87-B807-522F-03B1-5C8718D0ADAD} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {2E5583D0-9080-1F05-9A45-58A279C2660F} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {3DC6F52B-DB47-2503-66B4-41670D26AC9D} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4583D395-934D-455E-3CD2-30C144F294DB} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4BC54967-CD56-4191-9DD7-086CA61F2691} - http://advnt01.com/dialer/czeck1_ver3.CAB
O16 - DPF: {75E305ED-D351-5BCE-EB5D-2B0E59DE0817} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {76C20F22-42B6-5DE3-835D-36CB47C6069F} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {7B066B63-807A-7AE9-7920-0DF1692FAFCE} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-cz/cz/games4.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://66.117.37.13/cza1767.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://66.117.37.13/cza1767.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINDOWS\ieam.exe (file missing)

--
End of file - 9644 bytes
Acer TravelMate 5730G


Re: Please check my log

Post by ChrisS » 03 Jan 2009 20:56

SDFix log:

SDFix: Version 1.240
Run by Jarda on so 03.01.2009 at 20:31

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\AZESEA~1.XML - Deleted
C:\WINDOWS\ABOX.EXE - Deleted
C:\WINDOWS\ATLAI.EXE - Deleted
C:\WINDOWS\IPCON32.EXE - Deleted
C:\WINDOWS\LOGON.EXE - Deleted
C:\WINDOWS\MSRV.EXE - Deleted
C:\WINDOWS\NETGT.EXE - Deleted
C:\DOCUME~1\JARDA\LOADED.EXE - Deleted
C:\windows\system32\c.bat - Deleted
C:\windows\system32\m.bat - Deleted
C:\windows\system32\s.bat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 20:38:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a397]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:39e3aaea
"s1"=dword:2418ccce
"s2"=dword:f9c708f3
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3e,ca,5c,e5,3d,f2,d1,72,06,c7,d0,07,45,fb,b4,1d,c7,32,49,1b,32,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,dc,f6,4c,ed,c0,4a,f4,bc,8e,33,a7,90,2e,3d,cc,82,..
"khjeh"=hex:ef,f6,4f,a0,07,99,66,17,cb,24,5c,1b,ad,10,57,89,0e,39,e2,0a,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c7,51,ea,27,ff,5e,77,34,82,1f,c6,a0,1d,1d,a9,78,d0,b4,9b,6f,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3e,ca,5c,e5,3d,f2,d1,72,06,c7,d0,07,45,fb,b4,1d,c7,32,49,1b,32,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,dc,f6,4c,ed,c0,4a,f4,bc,8e,33,a7,90,2e,3d,cc,82,..
"khjeh"=hex:ef,f6,4f,a0,07,99,66,17,cb,24,5c,1b,ad,10,57,89,0e,39,e2,0a,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:05,0c,2e,f3,3b,e0,4d,03,38,2d,69,c1,81,dc,9b,a1,77,09,a4,13,a7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011b107a397]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3e,ca,5c,e5,3d,f2,d1,72,06,c7,d0,07,45,fb,b4,1d,c7,32,49,1b,32,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,dc,f6,4c,ed,c0,4a,f4,bc,8e,33,a7,90,2e,3d,cc,82,..
"khjeh"=hex:ef,f6,4f,a0,07,99,66,17,cb,24,5c,1b,ad,10,57,89,0e,39,e2,0a,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c7,51,ea,27,ff,5e,77,34,82,1f,c6,a0,1d,1d,a9,78,d0,b4,9b,6f,e6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:85,cf,3c,cd,34,87,dd,d9,11,07,10,f4,24,9e,32,9b,a7,36,0b,9b,c8,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"Černé ukazatele"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"Černé ukazatele (velké)"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"Černé ukazatele (největší)"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

scanning hidden files ...

C:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\Content.IE5\E13STOVI\kamar_di bodyguardi :-)[1].jpg 2976 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:15, on 3.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\AGRSMMSG.exe
C:\windows\Logi_MwX.Exe
C:\windows\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\windows\System32\svchost.exe
C:\Documents and Settings\Jarda\Dokumenty\SOUBORY\Kryštof\Viry\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [systemidle] stemIdle.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [System32 Spool ] winint.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [systemidle] stemIdle.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [System32 Spool ] winint.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messanger] msnmsng.exe (User 'Default user')
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {0E8C12E2-5329-7ED2-1881-13296992E442} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/cus ... iq0107.cab
O16 - DPF: {17403C87-B807-522F-03B1-5C8718D0ADAD} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {2E5583D0-9080-1F05-9A45-58A279C2660F} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {3DC6F52B-DB47-2503-66B4-41670D26AC9D} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4583D395-934D-455E-3CD2-30C144F294DB} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4BC54967-CD56-4191-9DD7-086CA61F2691} - http://advnt01.com/dialer/czeck1_ver3.CAB
O16 - DPF: {75E305ED-D351-5BCE-EB5D-2B0E59DE0817} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {76C20F22-42B6-5DE3-835D-36CB47C6069F} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {7B066B63-807A-7AE9-7920-0DF1692FAFCE} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-cz/cz/games4.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://66.117.37.13/cza1767.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://66.117.37.13/cza1767.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINDOWS\ieam.exe (file missing)

--
End of file - 9467 bytes

icons + disks OK
Acer TravelMate 5730G

jaro3
member of the Security team
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: please check my log

Post by jaro3 » 03 Jan 2009 21:31

Find and delete: C:\SDFix
Disable the resident protection in NOD32.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- When it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

ChrisS
Level 1
Posts: 62
Registered: July 07
Location: Brno
Gender: Male

Re: please check my log

Post by ChrisS » 04 Jan 2009 11:18

ComboFix Log:

ComboFix 09-01-02.01 - Jarda 2009-01-03 23:30:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.511.174 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jarda\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jarda\Dokumenty\Hudba\Music\Metal ballads\Ballads vol.1\_desktop.ini
c:\documents and settings\Jarda\Dokumenty\Hudba\Music\Metal ballads\Ballads vol.2\_desktop.ini
c:\documents and settings\Jarda\Local Settings\TempNER063E5332.exe
c:\documents and settings\Jarda\Local Settings\TempNER087C282F.exe
c:\documents and settings\Jarda\Local Settings\TempNER08AA6E30.exe
c:\documents and settings\Jarda\Local Settings\TempNER09271282.exe
c:\documents and settings\Jarda\Local Settings\TempNER0B6A4C22.exe
c:\documents and settings\Jarda\Local Settings\TempNER0CB20ED7.exe
c:\documents and settings\Jarda\Local Settings\TempNER0DC05C22.exe
c:\documents and settings\Jarda\Local Settings\TempNER1AB7182E.exe
c:\documents and settings\Jarda\Local Settings\TempNER1B1E0E57.exe
c:\documents and settings\Jarda\Local Settings\TempNER229B0FBF.EXE
c:\documents and settings\Jarda\Local Settings\TempNER2BC3047E.exe
c:\documents and settings\Jarda\Local Settings\TempNER2ED054DC.exe
c:\documents and settings\Jarda\Local Settings\TempNER32C8368E.exe
c:\documents and settings\Jarda\Local Settings\TempNER3C6849A1.exe
c:\documents and settings\Jarda\Local Settings\TempNER3D624FDC.exe
c:\documents and settings\Jarda\Local Settings\TempNER3F364669.exe
c:\documents and settings\Jarda\Local Settings\TempNER488729F9.exe
c:\documents and settings\Jarda\Local Settings\TempNER60020029.exe
c:\documents and settings\Jarda\Local Settings\TempNER62164823.exe
c:\documents and settings\Jarda\Local Settings\TempNER64190C91.EXE
c:\documents and settings\Jarda\Local Settings\TempNER64864FE1.exe
c:\documents and settings\Jarda\Local Settings\TempNER687E2C49.exe
c:\documents and settings\Jarda\Local Settings\TempNER6B3D3C61.exe
c:\documents and settings\Jarda\Local Settings\TempNER6DAE2FFF.exe
c:\documents and settings\Jarda\Local Settings\TempNER6FE06C69.exe
c:\documents and settings\Jarda\Local Settings\TempNER7242288F.exe
c:\documents and settings\Jarda\Local Settings\TempNER72D36D28.exe
c:\documents and settings\Jarda\Local Settings\TempNER74933A61.exe
c:\documents and settings\Jarda\Local Settings\TempNER76D522CD.exe
c:\documents and settings\Jarda\Local Settings\TempNER7CF10BB3.exe
c:\documents and settings\Jarda\Local Settings\TempNER7FBF7DD1.exe
c:\documents and settings\Jarda\Local Settings\TempNER9C066319.exe
c:\documents and settings\Jarda\Local Settings\TempNERA07B05D6.exe
c:\documents and settings\Jarda\Local Settings\TempNERA72C261E.exe
c:\documents and settings\Jarda\Local Settings\TempNERA8A44944.exe
c:\documents and settings\Jarda\Local Settings\TempNERAB4B2EA6.exe
c:\documents and settings\Jarda\Local Settings\TempNERADF83A90.exe
c:\documents and settings\Jarda\Local Settings\TempNERB1B14BFF.exe
c:\documents and settings\Jarda\Local Settings\TempNERB4AE113A.exe
c:\documents and settings\Jarda\Local Settings\TempNERB5A42E40.exe
c:\documents and settings\Jarda\Local Settings\TempNERB8831366.exe
c:\documents and settings\Jarda\Local Settings\TempNERC7D97DE0.exe
c:\documents and settings\Jarda\Local Settings\TempNERC887305E.EXE
c:\documents and settings\Jarda\Local Settings\TempNERCAD63658.exe
c:\windows\msvrc20.dll
c:\windows\system32\components

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISEXENG
-------\Legacy_OULTRAF
-------\Legacy_WIN32_SYSTEM_SPOOL
-------\Legacy_ZESOFT
-------\Service_oUltraf


((((((((((((((((((((((((( Soubory vytvořené od 2008-12-03 do 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-03 19:07 . 2009-01-03 19:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 19:07 . 2009-01-03 19:07 <DIR> d-------- c:\documents and settings\Jarda\Data aplikací\Malwarebytes
2009-01-03 19:07 . 2009-01-03 19:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-03 19:07 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 19:07 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 16:11 . 2009-01-03 16:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2009-01-03 16:04 . 2009-01-03 16:07 <DIR> d-------- c:\windows\nview
2009-01-03 16:04 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
2009-01-03 16:04 . 2009-01-03 23:35 88,566 --a------ c:\windows\system32\nvapps.xml
2009-01-03 16:04 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu
2009-01-03 16:03 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-03 14:52 . 2003-07-22 00:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-01-03 14:52 . 2005-01-05 15:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-01-03 14:42 . 2009-01-03 14:52 <DIR> d-------- c:\program files\Lineage II
2009-01-03 12:26 . 2009-01-03 14:53 <DIR> d-------- c:\program files\Lineage II Interlude
2009-01-01 14:59 . 2009-01-01 15:00 <DIR> d-a------ c:\program files\Miranda IM
2009-01-01 13:17 . 2009-01-01 13:17 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-01 13:17 . 2009-01-01 13:17 <DIR> d-------- c:\documents and settings\Jarda\SystemRequirementsLab
2009-01-01 12:44 . 2009-01-01 12:45 <DIR> d-------- c:\program files\CS2D
2008-12-31 12:49 . 2008-12-31 12:49 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-31 12:49 . 2008-12-31 12:50 <DIR> d-------- c:\program files\Microsoft IntelliType Pro
2008-12-30 12:01 . 2008-12-30 17:51 <DIR> d-------- c:\program files\RocketDock
2008-12-09 22:24 . 2008-12-09 22:24 <DIR> d-------- c:\documents and settings\Jarda\Data aplikací\QIP
2008-12-07 20:13 . 2008-12-07 20:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Ultima_T15
2008-12-07 20:13 . 2008-12-07 20:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\EnterNHelp
2008-12-07 20:13 . 2008-12-07 20:13 0 --a------ c:\documents and settings\All Users\Data aplikací\PKP_DLbx.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 15:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-03 13:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 17:09 --------- d-----w c:\documents and settings\Jarda\Data aplikací\uTorrent
2009-01-02 15:22 --------- d-----w c:\documents and settings\Jarda\Data aplikací\Vso
2008-12-28 11:11 --------- d-----w c:\documents and settings\Jarda\Data aplikací\Winamp
2008-12-28 11:03 --------- d-----w c:\program files\Winamp
2008-12-23 21:37 --------- d-----w c:\program files\GamePark
2008-11-22 16:21 --------- d-----w c:\program files\IrfanView
2008-11-16 22:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2008-11-16 19:56 --------- d-----w c:\program files\Common Files\Macromedia
2008-11-16 09:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 23:09 --------- d-----w c:\program files\The KMPlayer
2008-11-14 19:09 --------- d-----w c:\program files\Soldat
2008-11-14 19:08 --------- d-----w c:\program files\GameSpy Arcade
2008-11-14 19:08 --------- d-----w c:\program files\DivX
2008-11-14 19:08 --------- d-----w c:\program files\directx
2008-11-14 19:08 --------- d-----w c:\program files\Common Files\Vbox
2008-11-14 19:08 --------- d-----w c:\program files\Common Files\InterVideo
2008-11-14 19:08 --------- d-----w c:\program files\Ahead
2008-11-07 15:49 --------- d-----w c:\program files\Lavalys
2008-11-06 17:56 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-06-07 11:43 21,812 ----a-w c:\documents and settings\Jarda\Data aplikací\ViewerApp.dat
2006-12-02 10:24 81,920 ----a-w c:\documents and settings\Jarda\Data aplikací\ezpinst.exe
2006-12-02 10:24 47,360 ----a-w c:\documents and settings\Jarda\Data aplikací\pcouffin.sys
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\7.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\6.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\5.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\4.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\3.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\1.dat
2004-12-10 04:20 85 --sha-w c:\windows\crnq32(2).exe
2004-12-10 04:20 85 --sha-w c:\windows\crnq32.exe
2008-08-08 18:04 56 --sh--r c:\windows\system32\61D82ACCBA.sys
2008-08-08 18:04 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]
"anvshell"="anvshell.exe" [2003-05-29 c:\windows\anvshell.exe]
"LiveNote"="livenote.exe" [2002-07-11 c:\windows\livenote.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\
desktop(2)(2).ini [2004-02-16 84]
desktop(2).ini [2004-02-16 84]
desktop(3).ini [2004-02-16 84]

c:\documents and settings\Jarda\Nabídka Start\Programy\Po spuštění\
desktop(2)(2).ini [2004-02-16 84]
desktop(2).ini [2004-02-16 84]
desktop(3).ini [2004-02-16 84]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
desktop(2)(2).ini [2004-02-16 84]
desktop(2).ini [2004-02-16 84]
desktop(3).ini [2004-02-16 84]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-27 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-25 434176]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 0 (0x0)
"NoSMBalloonTip"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0OODBS\0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2004-02-16 233280]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-09-23 69120]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S1 ShldDrv;Panda File Shield Driver; [x]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 ids0004C;ids0004C;\??\c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys --> c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys [?]
S3 ids0005c;ids0005c;\??\c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys --> c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [?]
S3 klstm;klstm;\??\c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys --> c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [?]
S3 XDva093;XDva093;\??\c:\windows\system32\XDva093.sys --> c:\windows\system32\XDva093.sys [?]
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2002-09-23 3584]
S4 PavProc;Panda Process Protection Driver;\??\c:\windows\System32\DRIVERS\PavProc.sys --> c:\windows\System32\DRIVERS\PavProc.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5decd32-efa4-11dc-9505-000c6ecfc2dc}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKU-Default-Run-systemidle - stemIdle.exe
HKU-Default-RunOnce-System32 Spool - winint.exe
HKU-Default-RunOnce-Winamp media player - winapa.exe
HKU-Default-RunServices-MSN Messanger - msnmsng.exe
ShellExecuteHooks-{5430B7C1-2A08-444A-40BC-058823989D6D} - (no file)
ShellExecuteHooks-{424ABE10-F32F-4414-2796-9A1E9B1E6136} - (no file)
ShellExecuteHooks-{0A9B90F7-658F-4A93-5BA1-FBA9D9DE4E94} - (no file)
ShellExecuteHooks-{FFE66031-51A7-45EE-A18C-E81A7CAEB89A} - (no file)
ShellExecuteHooks-{14A58A09-DB7C-491F-4F9C-3439D07C4D83} - (no file)
ShellExecuteHooks-{E6BC7FFD-EF52-4712-2CB7-04E6AC1CC900} - (no file)
ShellExecuteHooks-{442506B4-91C4-4B24-C2B8-0B2B15243F7F} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-CTFMON - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost
IE: &ICQ Toolbar Search
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
LSP: xfire_lsp_10650.dll
Trusted Zone: www.mojebanka.cz
Trusted Zone: *.iframedollars.biz
Trusted Zone: www.mojebanka.cz
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {0E8C12E2-5329-7ED2-1881-13296992E442} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {1230CB21-C88D-11CF-0000-000000000000} - hxxp://www.browserupdate.co.uk/cabs/cus ... iq0107.cab
c:\windows\Downloaded Program Files\installer.inf

O16 -: {17403C87-B807-522F-03B1-5C8718D0ADAD} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {2E5583D0-9080-1F05-9A45-58A279C2660F} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {3DC6F52B-DB47-2503-66B4-41670D26AC9D} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {4583D395-934D-455E-3CD2-30C144F294DB} - hxxp://213.159.117.150/1/rdgCZ10.exe

c:\windows\System32\objsafe.tlb - c:\windows\Downloaded Program Files\czeck1_ver3.ocx
O16 -: {4BC54967-CD56-4191-9DD7-086CA61F2691}
hxxp://advnt01.com/dialer/czeck1_ver3.CAB
c:\windows\Downloaded Program Files\czeck1_ver3.INF

O16 -: {75E305ED-D351-5BCE-EB5D-2B0E59DE0817} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {76C20F22-42B6-5DE3-835D-36CB47C6069F} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {7B066B63-807A-7AE9-7920-0DF1692FAFCE} - hxxp://213.159.117.150/1/rdgCZ10.exe
FF - ProfilePath - c:\documents and settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\6iyfterz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 23:35:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-573735546-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1078081533-573735546-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:95,9a,03,35,2d,86,32,c4,4f,86,c7,a4,bc,4e,2a,f8,30,8a,2e,27,56,6f,ee,\
40,ac,b3,7c,d5,b3,51,c5,b4,c4,1c,80,4f,66,0b,04,4d,56,3f,14,1b,ee,56,9a,42,\
fd,d3,14,fb,fb,58,4c,c2,be,e8,98,fb,1e,44,56,45,bc,b1,f2,62,45,f7,78,fd,f6,\
e7,bc,7a,a8,5d,d1,ad,3b,1d,93,13,21,56,4d,9d,c2,6c,24,58,4b,ae,0a,5f,34,d7,\
db,6f,bb,eb,42,06,8b,96,4e,0e,53,11,f0,ba,d5,8c,38,21,a7,69,57,fc,ae,29,9a,\
1e,5c,ef,cf,b9,4a,c3,74,cd,6c,04,19,42,31,0e,33,13,b2,e8,b6,da,83,b6,23,bd,\
d8,08,2c,72,9b,66,a7,84,e0,d8,58,9f,26,67,fa,50,a3,45,ab,31,5d,a9,2f,14,3c,\
23,70,e0,1b,22,f2,8a,1e,d8,f8,c4,e7,8a,da,dd,8e,ef,24,67,d1,bb,98,71,18,11,\
33,2e,bc,a7,e7,17,7d,97,67,9d,68,29,df,3f,9d,3f,30,4c,b7,2e,66,97,a8,79,3f,\
15,b0,f3,b8,54,7d,1f,2a,01,a7,ed,47,e9,2b,97,f1,21,c8,bc,0a,c0,aa,cb,97,9f,\
04,ae,92,53,bb,d3,09,10,bd,fa,57,d5,d9,98,eb,a0,e7,f9,b4,76,03,bc,f2,c0,58,\
ad,72,00,fd,3d,fc,f1,47,93,71,1e,2c,56,31,75,e1,8e,05,c7,a4,fd,ac,c6,06,af,\
f3,94,42,0a,f3,bb,22,1c,83,3a,2c,f5,07,41,a9,c6,81,aa,d5,bc,21,73,ed,e0,8b,\
09,a1,57,88,10,e5,f7,66,f7,8f,63,6e,b5,80,fd,96,7b,65,06,cd,b0,09,b9,b3,3e,\
d9,df,90,a5,b8,44,6c,6b,84,4f,ed,d5,f4,af,6e,b6,9e,fe,48,17,12,3c,72,e8,9e,\
04,06,c8,97,bd,cf,3e,cf,cf,7b,c9,55,37,f7,42,9b,e8,bd,3c,26,ca,e4,be,4a,2c,\
1d,15,86,f1,77,29,b3,18,ea,d2,1e,67,fa,12,fe,83,30,13,8c,90,52,07,67,f0,a1,\
0a,fc,5d,fc,fe,1e,df,62,e0,c1,d6,e2,02,d0,8f,01,53,f7,80,0b,69,ae,3e,c2,61,\
91,46,de,ab,f8,21,e1,0d,f0,bb,80,3d,b7,12,c4,cd,5a,6a,33,66,09,c9,98,5e,16,\
8e,6b,6e,0d,1f,40,70,a5,d3,a9,67,79,ca,93,d0,34,91,b8,c1,de,f1,57,90,16,1a,\
36,da,b1,80,11,3c,18,63,4f,03,97,f9,65,fc,2e,78,b1,b1,9c,c0,d7,fe,5b,55,84,\
67,6c,98,ef,d1,73,0e,2c,57,b4,fa,5b,82,99,cf,a8,b1,54,1a,c7,e1,e5,9c,11,20,\
3d,4f,83,aa,a2,8c,ff,4f,39,d0,34,e3,c9,0a,00,27,c6,34,b8,09,1f,24,37,ae,8a,\
07,c6,4c,a9,4b,81,26,44,b1,da,fd,41,63,40,4b,ec,4e,4e,af,54,af,69,55,52,ea,\
00,92,ed,0e,b9,47,b8,a8,f7,33,cb,de,e4,cd,11,54,c7,f3,24,18,82,33,40,5d,8e,\
54,d2,37,36,92,6d,39,e2,87,19,9f,90,81,92,0b,71,33,ef,c6,fb,9a,d7,7d,15,18,\
44,b7,28,4f,8b,76,d3,6f,19,a2,05,24,b7,0e,47,e5,da,24,89,c0,18,d5,a4,a6,20,\
70,1d,a6,71,a0,a9,fa,3f,1a,98,b3,d6,92,7d,dd,59,c0,41,5c,f8,01,96,22,d7,95,\
67,a8,df,29,3c,89,9e,d8,fb,74,db,c3,f7,c2,e7,ec,44,c8,07,d4,ee,42,e1,08,d0,\
54,e2,c3,0d,f6,8d,4d,c4,06,e4,1c,e2,51,09,3f,9a,bb,1c,5b,ba,32,b7,55,25,e2,\
1b,02,e3,3e,fd,60,9b,89,14,12,56,f6,aa,48,47,a2,23,b6,86,82,a7,a7,8e,5a,94,\
c6,12,23,af,ac,16,39,b6,c7,1e,1c,4a,11,4d,1f,b2,27,55,3c,14,0e,71,d1,b7,04,\
24,aa,1e,52,22,4f,83,f9,f2,8d,0d,c0,87,9e,68,68,13,70,89,b3,e2,17,7a,c3,5a,\
30,ee,4a,23,d6,70,7e,24,b9,71,f1,09,c0,96,94,45,07,0d,47,de,6b,4f,d4,07,26,\
9f,3d,23,00,13,0a,e9,7d,1b,55,f1,86,55,2f,fe,45,fe,1d,47,41,b0,50,51,3f,86,\
1e,51,b3,fd,f7,eb,8c,6b,e3,f7,3e,6b,e3,ef,26
"??"=hex:99,e7,4e,13,06,de,f2,d0,15,15,5a,b1,69,79,4f,ab

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]
"OODEFRAG10.00.00.01WORKSTATION"="F3C41C86D5EBCD6BF364384E8E585BF79F23924A6FD71FDF4DF1161BE90AD90D3C0C8F54EFA456D4C201247CE01A786086026C679116C7E944FC87D2D9C39F4AB11751E2BB6662D761E69CDF92C3418DBF8402CF56D80D8B1CEB41586F64A562C8AD2D7495C0E82F3AF0A9F5498ABD08503D3F5FCC992ABB9224AF84C0C9745895AB2FFD3D93E20BDD8E1E710CF27BCE605254A4E5A3D9E48821856148A49AA2D4FDABA8D415D08F01C58A39475986513FFB35E4F5165DE38570B63263F92A2EE52B38D2E4CEB35679AD4667CC6B76F35A891B16B7E6798C3134FCE9D6A13758C9C72E8DD61F93E8C373EDCA4FABE012C95901E3C7DA77225AA3D432FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452B210270EF3D68B3A514F4A04F03EA90AE66A9900492C0199140D7F843F62A4AB0938B81ECE921D3F11B473A0EC887E379E60EFB3E7951CCAEE47BC28D44EC6CE3F09F6B181A397468E1125D60739524A6E231B43E01ED2B8E4AE72E597460A42E17D125A78648FB3BF25BF22E7FDBBA456554BBCB2E85AE39EECC375FE82E64060E33D9BC4C0DC9F7C0428F6571B13DA39F0B71CFE302D7AA6FED60129CC9838906031EE1B3C1CD20496483B4264F5355C4319D68D3C09E36CB755AA54871DCBA9E728C1D4E9AD5075970A47BDC5C4AFEAEAADD2C8EE7039C3BC6F05E427B852C846E175EDF3B4C95896DF6A7D3D267B735E366B403929C7E387579962B271D56F99A25E0818992615F7BEE55C5C827DE7E7796E27A2BD12E7E5426379C69394FED5B245E7A70A8279731E7157C9064E9D214021D248FC4CD0796DD179942D0142415C68F68773AD3615FB3411BF23B8D07CD8393F5877617F391649565F92C265F570F7C0AF8C2B60BC58CFCE0D8E3F1F3E15628B9504EC3DEC7EA3A700DA33F7634199F72F4CB2739C3753FA9341158B00C93A79D7BC4234346EAA2A62DFE0EE4C28E46F276E2FCBBEA146A44A78A47BAD51D4F18A01E6F47E309FBC86418F22460068A2CCF3402AFCA5A1FABAB587B90888397DACF09271159035650263B44FBE28252BE821BAB388515455823D90F5A4D1614D517434038E6515497B6BFA16F1840E4D587DA4F263BB40AED419C3BF6C923FB2A0356DE3D9035BB630C6407AF37C0F6C0D543B54E77B3BA2F717D98F1AB43224D4A093B339C5951B702219642BFB03108DB8EA2BBFAF0F754646BEC040A5933E3EE83075428A4A8C2073CAA15272BC67EF7C5A2AEC76FA0C2DFD928EC357AD3F3F050011DE357141376FCEE1F7D37FC2E43760EC4075
AFEE30D52B9E5DBE400ACE2FF451CB2BF417C212553A80978596AB4786EEE2D5534EE4AB90F419D5FC"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-01-03 23:41:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-03 22:41:09

Pre-Run: 45 084 762 112 bytes free
Post-Run: 44,971,876,352 bytes free

354 --- E O F --- 2009-01-01 23:37:15
Acer TravelMate 5730G

jaro3 (Security team member)

Re: please check my log

Post by jaro3 » 04 Jan 2009 14:10

Well, this looks like an infection: Kaspersky, Panda, a dialer...

Start -> Run -> cmd.exe, then paste the text written in blue into the DOS window:
sc stop ShldDrv
sc delete ShldDrv
sc stop ids0004C
sc delete ids0004C
sc stop ids0005c
sc delete ids0005c
sc stop klstm
sc delete klstm
sc stop PavProc
sc delete PavProc
exit


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: do not use the SELECT ALL function to select the script

Code:

File::
c:\windows\crnq32(2).exe
c:\windows\crnq32.exe
c:\windows\system32\drivers\av5flt.sys
c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys
c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys
c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys
c:\windows\System32\DRIVERS\PavProc.sys
c:\windows\System32\objsafe.tlb
c:\windows\Downloaded Program Files\czeck1_ver3.INF

Folder::
c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal

Driver::
av5flt
ShldDrv
ids0004C
ids0005c
klstm
PavProc

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log

Test these on VirusTotal:
c:\windows\system32\XDva093.sys
c:\windows\system32\XDva193.sys
c:\windows\system32\61D82ACCBA.sys
Then paste the results here.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
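The triage jaro3 did by eye above (a pile of O16 entries all fetching one .exe from a bare IP, a CAB under a /dialer/ path, a wildcard Trusted Zone entry, .ini files in Startup, LSP DLLs with no path, ComboFix S3 drivers marked "[?]") can be written down as rules. The Python below is an added example for this thread; it is not HijackThis, ComboFix or anything the forum's helpers use. The rule names, the Finding class and the three-entry cluster threshold are my own choices, and the sample lines are copied from the logs posted here.

```python
"""Heuristic triage of HijackThis / ComboFix log lines.

Added example for this thread; it is not HijackThis, ComboFix or anything
the forum's helpers use. The rules encode the indicators reacted to above:
many O16 ActiveX entries all pulling one .exe from a bare IP address, a
download path containing "/dialer/", a wildcard entry in IE's Trusted Zone,
.ini files in a Startup folder, Winsock LSP DLLs listed without a path, and
ComboFix S-type driver entries whose binary could not be found ("[?]").
SAMPLE_LINES at the bottom are copied from the logs posted in this thread.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule id (my own naming)
    subject: str   # the URL, file or service the rule fired on
    line: str      # the original log line


# The logs defang http as "hxxp"; accept both spellings.
_URL = re.compile(r"h(?:xx|tt)ps?://\S+", re.I)
_BARE_IP = re.compile(r"^h(?:xx|tt)ps?://(?:\d{1,3}\.){3}\d{1,3}(?:[:/]|$)", re.I)
_O16 = re.compile(r"^O16 -:\s*\{[0-9A-Fa-f-]{36}\}\s*-\s*(\S+)")
_TRUSTED = re.compile(r"^Trusted Zone:\s*(\S+)")
_STARTUP = re.compile(r"^O4 - (?:Global )?Startup:\s*(.+?)\s*$")
_LSP = re.compile(r"^O10 - Unknown file in Winsock LSP:\s*(.+?)\s*$")
# ComboFix service line: "S3 Name;Display name;path --> path [?]"
_DRIVER = re.compile(r"^S[0-4] (\w+);[^;]*;(\S+).*\[\?\]\s*$")


def check_line(line: str) -> Optional[Finding]:
    """Return the first rule that fires on one log line, or None."""
    line = line.strip()
    m = _O16.match(line)
    if m:
        url = m.group(1)
        if _BARE_IP.match(url):
            return Finding("o16-bare-ip", url, line)
        if url.lower().endswith(".exe"):
            return Finding("o16-exe", url, line)
    m = _URL.search(line)
    if m and "/dialer/" in m.group(0).lower():
        return Finding("dialer-url", m.group(0), line)
    m = _TRUSTED.match(line)
    if m and m.group(1).startswith("*."):
        return Finding("trusted-wildcard", m.group(1), line)
    m = _STARTUP.match(line)
    if m and m.group(1).lower().endswith(".ini"):
        return Finding("startup-ini", m.group(1), line)
    m = _LSP.match(line)
    if m and "\\" not in m.group(1):
        return Finding("lsp-bare-name", m.group(1), line)
    m = _DRIVER.match(line)
    if m:
        return Finding("driver-missing", m.group(1), line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every rule over every line; benign lines produce nothing."""
    return [f for f in (check_line(l) for l in lines) if f is not None]


def o16_clusters(findings: Iterable[Finding], min_count: int = 3) -> Dict[str, int]:
    """Codebase URLs shared by at least min_count O16 entries.

    A legitimate control has one CLSID; one URL behind many random CLSIDs
    (as with rdgCZ10.exe in the thread) is one infection re-registering
    itself, not eight separate objects.
    """
    counts = Counter(f.subject for f in findings if f.rule.startswith("o16"))
    return {url: n for url, n in counts.items() if n >= min_count}


# Constructed sample: lines taken from the HJT/ComboFix logs in this thread.
SAMPLE_LINES = [
    "O16 -: {0E8C12E2-5329-7ED2-1881-13296992E442} - hxxp://213.159.117.150/1/rdgCZ10.exe",
    "O16 -: {17403C87-B807-522F-03B1-5C8718D0ADAD} - hxxp://213.159.117.150/1/rdgCZ10.exe",
    "O16 -: {2E5583D0-9080-1F05-9A45-58A279C2660F} - hxxp://213.159.117.150/1/rdgCZ10.exe",
    "hxxp://advnt01.com/dialer/czeck1_ver3.CAB",
    "Trusted Zone: www.mojebanka.cz",
    "Trusted Zone: *.iframedollars.biz",
    "O4 - Global Startup: desktop(2)(2).ini",
    r"O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    "O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll",
    r"S3 XDva093;XDva093;\??\c:\windows\system32\XDva093.sys --> c:\windows\system32\XDva093.sys [?]",
    r"S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for f in hits:
        print(f"{f.rule:17} {f.subject}")
    for url, n in o16_clusters(hits).items():
        print(f"{n} O16 entries share codebase {url}")
```

The rules are deliberately conservative: www.mojebanka.cz in the Trusted Zone, the SetPoint shortcut and nwprovau.dll under system32 all pass, while the eight rdgCZ10.exe entries collapse into one cluster so the helper sees one download site to block rather than eight CLSIDs to hunt. Lines such as the advnt01.com CAB, which ComboFix prints on a line of its own, are caught by the URL rule without needing the O16 prefix.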

Re: please check my log

Post by ChrisS » 04 Jan 2009 14:50

ComboFix Log:

ComboFix 09-01-02.01 - Jarda 2009-01-04 14:21:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.511.173 [GMT 1:00]
Running from: c:\documents and settings\Jarda\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Jarda\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys
c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys
c:\documents and settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys
c:\windows\crnq32(2).exe
c:\windows\crnq32.exe
c:\windows\Downloaded Program Files\czeck1_ver3.INF
c:\windows\system32\drivers\av5flt.sys
c:\windows\System32\DRIVERS\PavProc.sys
c:\windows\System32\objsafe.tlb
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\crnq32(2).exe
c:\windows\crnq32.exe
c:\windows\Downloaded Program Files\czeck1_ver3.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IDS0004C
-------\Legacy_IDS0005C
-------\Legacy_KLSTM


((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 19:07 . 2009-01-03 19:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 19:07 . 2009-01-03 19:07 <DIR> d-------- c:\documents and settings\Jarda\Data aplikací\Malwarebytes
2009-01-03 19:07 . 2009-01-03 19:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-03 19:07 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 19:07 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 16:11 . 2009-01-03 16:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2009-01-03 16:04 . 2009-01-03 16:07 <DIR> d-------- c:\windows\nview
2009-01-03 16:04 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
2009-01-03 16:04 . 2009-01-04 14:25 88,566 --a------ c:\windows\system32\nvapps.xml
2009-01-03 16:04 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu
2009-01-03 16:03 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-03 14:52 . 2003-07-22 00:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-01-03 14:52 . 2005-01-05 15:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-01-03 14:42 . 2009-01-03 14:52 <DIR> d-------- c:\program files\Lineage II
2009-01-03 12:26 . 2009-01-03 14:53 <DIR> d-------- c:\program files\Lineage II Interlude
2009-01-01 14:59 . 2009-01-01 15:00 <DIR> d-a------ c:\program files\Miranda IM
2009-01-01 13:17 . 2009-01-01 13:17 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-01 13:17 . 2009-01-01 13:17 <DIR> d-------- c:\documents and settings\Jarda\SystemRequirementsLab
2009-01-01 12:44 . 2009-01-01 12:45 <DIR> d-------- c:\program files\CS2D
2008-12-31 12:49 . 2008-12-31 12:49 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-31 12:49 . 2008-12-31 12:50 <DIR> d-------- c:\program files\Microsoft IntelliType Pro
2008-12-30 12:01 . 2008-12-30 17:51 <DIR> d-------- c:\program files\RocketDock
2008-12-09 22:24 . 2008-12-09 22:24 <DIR> d-------- c:\documents and settings\Jarda\Data aplikací\QIP
2008-12-07 20:13 . 2008-12-07 20:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Ultima_T15
2008-12-07 20:13 . 2008-12-07 20:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\EnterNHelp
2008-12-07 20:13 . 2008-12-07 20:13 0 --a------ c:\documents and settings\All Users\Data aplikací\PKP_DLbx.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 15:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-03 13:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 17:09 --------- d-----w c:\documents and settings\Jarda\Data aplikací\uTorrent
2009-01-02 15:22 --------- d-----w c:\documents and settings\Jarda\Data aplikací\Vso
2008-12-28 11:11 --------- d-----w c:\documents and settings\Jarda\Data aplikací\Winamp
2008-12-28 11:03 --------- d-----w c:\program files\Winamp
2008-12-23 21:37 --------- d-----w c:\program files\GamePark
2008-11-22 16:21 --------- d-----w c:\program files\IrfanView
2008-11-16 22:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2008-11-16 19:56 --------- d-----w c:\program files\Common Files\Macromedia
2008-11-16 09:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 23:09 --------- d-----w c:\program files\The KMPlayer
2008-11-14 19:09 --------- d-----w c:\program files\Soldat
2008-11-14 19:08 --------- d-----w c:\program files\GameSpy Arcade
2008-11-14 19:08 --------- d-----w c:\program files\DivX
2008-11-14 19:08 --------- d-----w c:\program files\directx
2008-11-14 19:08 --------- d-----w c:\program files\Common Files\Vbox
2008-11-14 19:08 --------- d-----w c:\program files\Common Files\InterVideo
2008-11-14 19:08 --------- d-----w c:\program files\Ahead
2008-11-07 15:49 --------- d-----w c:\program files\Lavalys
2008-11-06 17:56 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-06-07 11:43 21,812 ----a-w c:\documents and settings\Jarda\Data aplikací\ViewerApp.dat
2006-12-02 10:24 81,920 ----a-w c:\documents and settings\Jarda\Data aplikací\ezpinst.exe
2006-12-02 10:24 47,360 ----a-w c:\documents and settings\Jarda\Data aplikací\pcouffin.sys
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\7.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\6.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\5.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\4.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\3.dat
2004-12-27 20:17 0 ----a-w c:\documents and settings\Jarda\1.dat
2008-08-08 18:04 56 --sh--r c:\windows\system32\61D82ACCBA.sys
2008-08-08 18:04 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]
"anvshell"="anvshell.exe" [2003-05-29 c:\windows\anvshell.exe]
"LiveNote"="livenote.exe" [2002-07-11 c:\windows\livenote.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\
desktop(2)(2).ini [2004-02-16 84]
desktop(2).ini [2004-02-16 84]
desktop(3).ini [2004-02-16 84]

c:\documents and settings\Jarda\Nabídka Start\Programy\Po spuštění\
desktop(2)(2).ini [2004-02-16 84]
desktop(2).ini [2004-02-16 84]
desktop(3).ini [2004-02-16 84]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
desktop(2)(2).ini [2004-02-16 84]
desktop(2).ini [2004-02-16 84]
desktop(3).ini [2004-02-16 84]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-27 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-25 434176]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 0 (0x0)
"NoSMBalloonTip"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0OODBS\0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2004-02-16 233280]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-09-23 69120]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 XDva093;XDva093;\??\c:\windows\system32\XDva093.sys --> c:\windows\system32\XDva093.sys [?]
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2002-09-23 3584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5decd32-efa4-11dc-9505-000c6ecfc2dc}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost
IE: &ICQ Toolbar Search
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
LSP: xfire_lsp_10650.dll
Trusted Zone: www.mojebanka.cz
Trusted Zone: *.iframedollars.biz
Trusted Zone: www.mojebanka.cz
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {0E8C12E2-5329-7ED2-1881-13296992E442} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {1230CB21-C88D-11CF-0000-000000000000} - hxxp://www.browserupdate.co.uk/cabs/cus ... iq0107.cab
c:\windows\Downloaded Program Files\installer.inf

O16 -: {17403C87-B807-522F-03B1-5C8718D0ADAD} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {2E5583D0-9080-1F05-9A45-58A279C2660F} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {3DC6F52B-DB47-2503-66B4-41670D26AC9D} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {4583D395-934D-455E-3CD2-30C144F294DB} - hxxp://213.159.117.150/1/rdgCZ10.exe

c:\windows\System32\objsafe.tlb - c:\windows\Downloaded Program Files\czeck1_ver3.ocx
O16 -: {4BC54967-CD56-4191-9DD7-086CA61F2691}
hxxp://advnt01.com/dialer/czeck1_ver3.CAB
c:\windows\Downloaded Program Files\czeck1_ver3.INF

O16 -: {75E305ED-D351-5BCE-EB5D-2B0E59DE0817} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {76C20F22-42B6-5DE3-835D-36CB47C6069F} - hxxp://213.159.117.150/1/rdgCZ10.exe

O16 -: {7B066B63-807A-7AE9-7920-0DF1692FAFCE} - hxxp://213.159.117.150/1/rdgCZ10.exe
FF - ProfilePath - c:\documents and settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\6iyfterz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

ATTENTION: FIREFOX POLICIES ARE IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 14:26:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-573735546-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1078081533-573735546-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:95,9a,03,35,2d,86,32,c4,4f,86,c7,a4,bc,4e,2a,f8,30,8a,2e,27,56,6f,ee,\
40,ac,b3,7c,d5,b3,51,c5,b4,c4,1c,80,4f,66,0b,04,4d,56,3f,14,1b,ee,56,9a,42,\
fd,d3,14,fb,fb,58,4c,c2,be,e8,98,fb,1e,44,56,45,bc,b1,f2,62,45,f7,78,fd,f6,\
e7,bc,7a,a8,5d,d1,ad,3b,1d,93,13,21,56,4d,9d,c2,6c,24,58,4b,ae,0a,5f,34,d7,\
db,6f,bb,eb,42,06,8b,96,4e,0e,53,11,f0,ba,d5,8c,38,21,a7,69,57,fc,ae,29,9a,\
1e,5c,ef,cf,b9,4a,c3,74,cd,6c,04,19,42,31,0e,33,13,b2,e8,b6,da,83,b6,23,bd,\
d8,08,2c,72,9b,66,a7,84,e0,d8,58,9f,26,67,fa,50,a3,45,ab,31,5d,a9,2f,14,3c,\
23,70,e0,1b,22,f2,8a,1e,d8,f8,c4,e7,8a,da,dd,8e,ef,24,67,d1,bb,98,71,18,11,\
33,2e,bc,a7,e7,17,7d,97,67,9d,68,29,df,3f,9d,3f,30,4c,b7,2e,66,97,a8,79,3f,\
15,b0,f3,b8,54,7d,1f,2a,01,a7,ed,47,e9,2b,97,f1,21,c8,bc,0a,c0,aa,cb,97,9f,\
04,ae,92,53,bb,d3,09,10,bd,fa,57,d5,d9,98,eb,a0,e7,f9,b4,76,03,bc,f2,c0,58,\
ad,72,00,fd,3d,fc,f1,47,93,71,1e,2c,56,31,75,e1,8e,05,c7,a4,fd,ac,c6,06,af,\
f3,94,42,0a,f3,bb,22,1c,83,3a,2c,f5,07,41,a9,c6,81,aa,d5,bc,21,73,ed,e0,8b,\
09,a1,57,88,10,e5,f7,66,f7,8f,63,6e,b5,80,fd,96,7b,65,06,cd,b0,09,b9,b3,3e,\
d9,df,90,a5,b8,44,6c,6b,84,4f,ed,d5,f4,af,6e,b6,9e,fe,48,17,12,3c,72,e8,9e,\
04,06,c8,97,bd,cf,3e,cf,cf,7b,c9,55,37,f7,42,9b,e8,bd,3c,26,ca,e4,be,4a,2c,\
1d,15,86,f1,77,29,b3,18,ea,d2,1e,67,fa,12,fe,83,30,13,8c,90,52,07,67,f0,a1,\
0a,fc,5d,fc,fe,1e,df,62,e0,c1,d6,e2,02,d0,8f,01,53,f7,80,0b,69,ae,3e,c2,61,\
91,46,de,ab,f8,21,e1,0d,f0,bb,80,3d,b7,12,c4,cd,5a,6a,33,66,09,c9,98,5e,16,\
8e,6b,6e,0d,1f,40,70,a5,d3,a9,67,79,ca,93,d0,34,91,b8,c1,de,f1,57,90,16,1a,\
36,da,b1,80,11,3c,18,63,4f,03,97,f9,65,fc,2e,78,b1,b1,9c,c0,d7,fe,5b,55,84,\
67,6c,98,ef,d1,73,0e,2c,57,b4,fa,5b,82,99,cf,a8,b1,54,1a,c7,e1,e5,9c,11,20,\
3d,4f,83,aa,a2,8c,ff,4f,39,d0,34,e3,c9,0a,00,27,c6,34,b8,09,1f,24,37,ae,8a,\
07,c6,4c,a9,4b,81,26,44,b1,da,fd,41,63,40,4b,ec,4e,4e,af,54,af,69,55,52,ea,\
00,92,ed,0e,b9,47,b8,a8,f7,33,cb,de,e4,cd,11,54,c7,f3,24,18,82,33,40,5d,8e,\
54,d2,37,36,92,6d,39,e2,87,19,9f,90,81,92,0b,71,33,ef,c6,fb,9a,d7,7d,15,18,\
44,b7,28,4f,8b,76,d3,6f,19,a2,05,24,b7,0e,47,e5,da,24,89,c0,18,d5,a4,a6,20,\
70,1d,a6,71,a0,a9,fa,3f,1a,98,b3,d6,92,7d,dd,59,c0,41,5c,f8,01,96,22,d7,95,\
67,a8,df,29,3c,89,9e,d8,fb,74,db,c3,f7,c2,e7,ec,44,c8,07,d4,ee,42,e1,08,d0,\
54,e2,c3,0d,f6,8d,4d,c4,06,e4,1c,e2,51,09,3f,9a,bb,1c,5b,ba,32,b7,55,25,e2,\
1b,02,e3,3e,fd,60,9b,89,14,12,56,f6,aa,48,47,a2,23,b6,86,82,a7,a7,8e,5a,94,\
c6,12,23,af,ac,16,39,b6,c7,1e,1c,4a,11,4d,1f,b2,27,55,3c,14,0e,71,d1,b7,04,\
24,aa,1e,52,22,4f,83,f9,f2,8d,0d,c0,87,9e,68,68,13,70,89,b3,e2,17,7a,c3,5a,\
30,ee,4a,23,d6,70,7e,24,b9,71,f1,09,c0,96,94,45,07,0d,47,de,6b,4f,d4,07,26,\
9f,3d,23,00,13,0a,e9,7d,1b,55,f1,86,55,2f,fe,45,fe,1d,47,41,b0,50,51,3f,86,\
1e,51,b3,fd,f7,eb,8c,6b,e3,f7,3e,6b,e3,ef,26
"??"=hex:99,e7,4e,13,06,de,f2,d0,15,15,5a,b1,69,79,4f,ab

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]
"OODEFRAG10.00.00.01WORKSTATION"=(same hex value as in the first ComboFix log above; omitted here)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-01-04 14:31:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 13:31:34

Pre-Run: 44 927 266 816 bytes free
Post-Run: 44,913,627,136 bytes free

295 --- E O F --- 2009-01-01 23:37:15

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:33, on 4.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\AGRSMMSG.exe
C:\windows\Logi_MwX.Exe
C:\windows\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jarda\Dokumenty\SOUBORY\Kryštof\Viry\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {0E8C12E2-5329-7ED2-1881-13296992E442} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/cus ... iq0107.cab
O16 - DPF: {17403C87-B807-522F-03B1-5C8718D0ADAD} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {2E5583D0-9080-1F05-9A45-58A279C2660F} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {3DC6F52B-DB47-2503-66B4-41670D26AC9D} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4583D395-934D-455E-3CD2-30C144F294DB} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4BC54967-CD56-4191-9DD7-086CA61F2691} - http://advnt01.com/dialer/czeck1_ver3.CAB
O16 - DPF: {75E305ED-D351-5BCE-EB5D-2B0E59DE0817} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {76C20F22-42B6-5DE3-835D-36CB47C6069F} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {7B066B63-807A-7AE9-7920-0DF1692FAFCE} - http://213.159.117.150/1/rdgCZ10.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINDOWS\ieam.exe (file missing)

--
End of file - 8604 bytes

File scan:
The first two files were not found.
Third:
File 61D82ACCBA.sys received 2009.01.04 14:40:09 (CET)
Current status: Please wait ... Queued Waiting Scanning Finished NOT FOUND STOPPED
Result: 0/36 (0%)
Acer TravelMate 5730G

Re: please check my log

Post by jaro3 (Security team member) » 04 Jan 2009 15:17

START - Run - cmd.exe - paste the text written in blue into the DOS window:
sc stop ieam
sc delete ieam
exit


Those files may be hidden:
Tools - Folder Options - View - there, enable showing hidden files and folders.
Or copy just the path into that window:
c:\windows\system32\XDva093.sys
c:\windows\system32\XDva193.sys

Close the other applications and browsers, disconnect from the net and fix in HJT:

Code: Select all

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O8 - Extra context menu item: &Search - ?p=ZNfox000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)


Do you recognise these:
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {0E8C12E2-5329-7ED2-1881-13296992E442} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/cus ... iq0107.cab
?, if not, fix them too.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
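The reasoning behind the fix list above (orphan entries with no file, desktop(n).ini copies in Startup, a context-menu item that is only a query string, a machine-wide Trusted Zone addition, ActiveX downloads from a raw IP or pointing at an .exe, and a service from an unknown vendor whose binary is gone) written out as a triage script. This is an added example for this page, not part of the thread or of HijackThis itself: the sample entries are copied from the posted log plus a few benign ones, and the rules, the keyword heuristic for "dialer", and the helper names (`parse`, `triage`, `fix_plan`, `service_short_name`) are this example's own. One caveat a practitioner would want stated: `sc stop` and `sc delete` take the service's short name, which HijackThis prints in the last parentheses of an O23 entry, not the name of the image file. For this log that short name is the unprintable string after `(NSS)`, so the script emits a reminder to locate the key under HKLM\SYSTEM\CurrentControlSet\Services by its ImagePath instead of guessing a name.

```python
import re

# Constructed sample: entries copied from the HJT log posted in this thread, plus benign
# ones (the Acrobat BHO, the ESET autostart and service, the Excel context-menu item)
# so the rules can be seen not firing on legitimate software.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(3).ini
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {0E8C12E2-5329-7ED2-1881-13296992E442} - http://213.159.117.150/1/rdgCZ10.exe
O16 - DPF: {4BC54967-CD56-4191-9DD7-086CA61F2691} - http://advnt01.com/dialer/czeck1_ver3.CAB
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Network Security Service (NSS) (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINDOWS\ieam.exe (file missing)
"""

ENTRY = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
# A dotted-quad host instead of a vendor domain.
RAW_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")
# desktop(2).ini, desktop(2)(2).ini ... dropped into a Startup folder.
STARTUP_INI = re.compile(r"^(Global )?Startup: desktop(\(\d+\))+\.ini$")


def parse(log_text):
    """Yield (section, body) for each HJT entry line, skipping the header and process list."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def service_short_name(o23_body):
    """'Service: Display name (shortname) - vendor - path' -> 'shortname'.
    HJT prints the short name in the last parentheses when it differs from the
    display name; when the two are equal it prints the name only once."""
    head = o23_body.split(" - ", 1)[0].removeprefix("Service: ")
    m = re.search(r"\(([^()]*)\)$", head)
    return m.group(1) if m else head


def triage(log_text):
    """Return [(section, body, reason)] for the entries a reviewer would fix.
    These rules are this example's reading of the reply above, not HJT's own logic."""
    findings = []
    for section, body in parse(log_text):
        reason = None
        if section == "O23":
            if "(file missing)" in body and "Unknown owner" in body:
                reason = "service from an unknown vendor whose binary is gone"
        elif "(no file)" in body or "(file missing)" in body:
            reason = "orphan entry: its target file no longer exists"
        elif section == "O4" and STARTUP_INI.match(body):
            reason = "desktop(n).ini is not a legitimate Startup item"
        elif section == "O8" and "://" not in body and "?" in body.rsplit(" - ", 1)[-1]:
            reason = "context-menu item is a bare query string, not a file or res:// URL"
        elif section == "O15":
            reason = "site added to the IE Trusted Zone machine-wide"
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if RAW_IP_URL.match(url):
                reason = "ActiveX download served from a raw IP address"
            elif url.lower().endswith(".exe"):
                reason = "DPF entry points at an .exe rather than a signed .cab"
            elif "dialer" in url.lower():
                reason = "download path names a dialer (keyword heuristic)"
        if reason:
            findings.append((section, body, reason))
    return findings


def fix_plan(findings):
    """Split findings into HJT 'Fix checked' lines and sc.exe commands for rogue services.
    sc stop/delete take the service short name, not the image file name."""
    hjt_lines, commands = [], []
    for section, body, _ in findings:
        if section != "O23":
            hjt_lines.append(f"{section} - {body}")
            continue
        name = service_short_name(body)
        if name.isascii() and name.isprintable():
            commands += [f'sc stop "{name}"', f'sc delete "{name}"']
        else:
            commands.append("REM short name is not typeable: find the key under "
                            "HKLM\\SYSTEM\\CurrentControlSet\\Services by its ImagePath "
                            "and delete that key")
    return hjt_lines, commands


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for section, body, reason in found:
        print(f"[{section}] {reason}\n    {body}")
    hjt_lines, commands = fix_plan(found)
    print("\nFix in HJT:", *hjt_lines, sep="\n  ")
    print("\nRun in cmd.exe:", *commands, sep="\n  ")
```

Run it on a full log saved from HJT and it prints the entries to tick in "Fix checked" and the cmd.exe lines for the service; the O16 rules deliberately leave vendor-domain .cab downloads alone, which is why the truncated browserupdate.co.uk entry in the reply still has to be judged by hand.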

Re: please check my log

Post by ChrisS » 04 Jan 2009 15:46

Well, I don't know; I tried searching for them and I also entered the path directly, but it tells me the files cannot be found, check that the file name is correct.

Otherwise I fixed everything in HJT as instructed.
Acer TravelMate 5730G
